salt
/
linux-formula
geforkt von ExternalMirrors/linux-formula
Beobachten 1
Favorisieren 0
Fork 0
Code Releases 8 Aktivität
Saltstack Official Linux Formula
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
625 Commits
26 Branches
Struktur: 563f47cfac
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „563f47cfac“
${ noResults }
linux-formula/README.rst

README.rst 47KB
Originalformat Normale Ansicht Verlauf

Update README.rst
vor 7 Jahren
Initial commit
vor 9 Jahren
Update README.rst
vor 7 Jahren
Initial commit
vor 9 Jahren
Update README.rst
vor 7 Jahren
Initial commit
vor 9 Jahren
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
vor 7 Jahren
Initial commit
vor 9 Jahren
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
vor 7 Jahren
Initial commit
vor 9 Jahren
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
vor 7 Jahren
Initial commit
vor 9 Jahren
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
vor 8 Jahren
Update README.rst
vor 7 Jahren
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
vor 8 Jahren
Update README.rst
vor 7 Jahren
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
vor 8 Jahren
Update README.rst fixed typo in sudo part
vor 7 Jahren
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
vor 8 Jahren
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
vor 7 Jahren
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
vor 8 Jahren
Initial commit
vor 9 Jahren
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
vor 8 Jahren
Initial commit
vor 9 Jahren
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
vor 7 Jahren
Initial commit
vor 9 Jahren
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
vor 7 Jahren
Initial commit
vor 9 Jahren
Support for setting security limits
vor 9 Jahren
Enable/disable console autologin
vor 9 Jahren
More options for consoles
vor 9 Jahren
Enable/disable console autologin
vor 9 Jahren
Allow setting policy-rc.d
vor 9 Jahren
Allow setting system locales
vor 8 Jahren
Fix readme of cs_CZ locales
vor 8 Jahren
Allow setting system locales
vor 8 Jahren
Allow configure systemd Change-Id: I54bc92902137899834408732ab852fd96d3f5a53
vor 7 Jahren
Add linux.system.directory state Change-Id: Ida91f545cc705457d1bc567fbee483e14a202a3a
vor 7 Jahren
Added support for managing files by pillar Change-Id: Ibd0a024bcd69089d9835a18f2bb803c952e13967
vor 7 Jahren
linux.system.file - hash only if source is defined and ability to set name by param Change-Id: Ia286ac4377c6b03ce16c9dc1a5c7d3441efe7e12
vor 7 Jahren
Added support for managing files by pillar Change-Id: Ibd0a024bcd69089d9835a18f2bb803c952e13967
vor 7 Jahren
linux.system.file - hash only if source is defined and ability to set name by param Change-Id: Ia286ac4377c6b03ce16c9dc1a5c7d3441efe7e12
vor 7 Jahren
Add support file.serialize in linux:system:file Ensure presence of file to be serialized through one of the serializer modules (see: https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):
vor 6 Jahren
Make linux.system.kernel functional
vor 9 Jahren
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
vor 8 Jahren
added possibility to use list for sysfs params Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857 related-bug: PROD-21205
vor 6 Jahren
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
vor 7 Jahren
Make linux.system.kernel functional
vor 9 Jahren
Linux sysctl kernel parameters
vor 9 Jahren
Handle kernel boot options The 'system.kernel.elevator' and 'system.kernel.isolcpu' options have been kept for backward compatibility and should be used in new fashion way with system.kernel.boot_options parameter. Change-Id: I51f7167b8b8946500df2065ee6b02bcf21809bc9
vor 7 Jahren
cpu governor
vor 8 Jahren
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
vor 7 Jahren
cpu governor
vor 8 Jahren
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
vor 7 Jahren
cgroups PROD-16845 Change-Id: Iabc6f4584e34c988e67ff42ee8ceb20c469823d6
vor 7 Jahren
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
vor 7 Jahren
added possibility to use list for sysfs params Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857 related-bug: PROD-21205
vor 6 Jahren
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
vor 7 Jahren
Add ca_certificates into readme Fixes: #120 Change-Id: Idc3b239418630a6d7cb8d5451726095c70fb6247
vor 7 Jahren
Add support for sysfs Change-Id: I29cfe2cd9dd39b74a1d39313f78dfddc87cb79b8
vor 7 Jahren
added possibility to use list for sysfs params Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857 related-bug: PROD-21205
vor 6 Jahren
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
vor 8 Jahren
Mend hugepages config * make unique mounted device * hugepages realtime setup for default pagesize only Change-Id: Ifa369f62a993c59c7b2c471b273fa795cc794e24 Closes-Bug: PROD-19825
vor 6 Jahren
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
vor 8 Jahren
cpu governor
vor 8 Jahren
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
vor 8 Jahren
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
vor 8 Jahren
cpu governor
vor 8 Jahren
Initial commit
vor 9 Jahren
Add system.env, system.profile, system.proxy and configure proxy under system.repo
vor 7 Jahren
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
vor 7 Jahren
Add system.env, system.profile, system.proxy and configure proxy under system.repo
vor 7 Jahren
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
vor 7 Jahren
Add system.env, system.profile, system.proxy and configure proxy under system.repo
vor 7 Jahren
README fix for purging repos
vor 7 Jahren
Add linux.system.apt state Change-Id: I1e190f1f5b34a049335efbecffad3dddf7c41644
vor 7 Jahren
README fix for purging repos
vor 7 Jahren
Add system.env, system.profile, system.proxy and configure proxy under system.repo
vor 7 Jahren
rc.local added to linux formula
vor 9 Jahren
Add system.env, system.profile, system.proxy and configure proxy under system.repo
vor 7 Jahren
Allow setting system-wide prompt
vor 9 Jahren
Ensure PS1 is enforced for root
vor 9 Jahren
rc.local added to linux formula
vor 9 Jahren
Option to preserve bash history
vor 8 Jahren
Configure interactive logon message This is also covers the following CIS items * CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored) Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56 Related-Prod: PROD-19166
vor 6 Jahren
Set message of the day
vor 9 Jahren
Update motd.sls This patch unifies /etc/motd managing approach for both RedHat and Ubuntu systems. Providing a string value via linux:system:motd pillar will configure static /etc/motd and remove dynamic scripts from /etc/update-motd.d (if present). update-motd can safely be removed because Ubuntu supports dynamic motd by pam_motd means since 2009. Related-Prod: PROD-17287 Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
vor 6 Jahren
Set message of the day
vor 9 Jahren
Update motd.sls This patch unifies /etc/motd managing approach for both RedHat and Ubuntu systems. Providing a string value via linux:system:motd pillar will configure static /etc/motd and remove dynamic scripts from /etc/update-motd.d (if present). update-motd can safely be removed because Ubuntu supports dynamic motd by pam_motd means since 2009. Related-Prod: PROD-17287 Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
vor 6 Jahren
Set message of the day
vor 9 Jahren
add service management support Change-Id: Iffb55fee41b8398de12554b58a9d36ae2b81e7ff
vor 7 Jahren
Add atop Change-Id: I59297736406469e5314236cb40851d9a6f94386e
vor 7 Jahren
Add support of mcelog service Change-Id: I32c83d63e7f359704ab6cc77dec07a1617880fbb Prod-Related: PROD-20137
vor 6 Jahren
RHEL compatibility of motd and prompt
vor 9 Jahren
Support for haveged
vor 9 Jahren
RHEL compatibility of motd and prompt
vor 9 Jahren
Support for haveged
vor 9 Jahren
Initial commit
vor 9 Jahren
example usage to disable NM
vor 9 Jahren
Initial commit
vor 9 Jahren
example usage to disable NM
vor 9 Jahren
Initial commit
vor 9 Jahren
vlan networking support
vor 9 Jahren
fix fillar syntax
vor 9 Jahren
vlan networking support
vor 9 Jahren
Initial commit
vor 9 Jahren
vlan networking support
vor 9 Jahren
Initial commit
vor 9 Jahren
vlan networking support
vor 9 Jahren
Initial commit
vor 9 Jahren
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
vor 7 Jahren
Add ability to configure VLAN tag on patch port Change-Id: I41f6e9c4feed93d03ac0479f9bd3626e48ad8063 Co-Authored-By: Michael Polenchuk <mpolenchuk@mirantis.com> Closes-Bug: PROD-20729
vor 6 Jahren
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
vor 7 Jahren
Add ability to configure VLAN tag on patch port Change-Id: I41f6e9c4feed93d03ac0479f9bd3626e48ad8063 Co-Authored-By: Michael Polenchuk <mpolenchuk@mirantis.com> Closes-Bug: PROD-20729
vor 6 Jahren
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
vor 7 Jahren
Initial commit
vor 9 Jahren
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
vor 7 Jahren
ifdown ifup fix PROD-16903 Change-Id: I660f745fc7518836f262b08fb92d39bbbe7a24e8
vor 7 Jahren
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
vor 7 Jahren
Add concat and remove for interfaces.d Change-Id: Ia97c5a79c5298f24aca6ca9148ce48546f3bcb70
vor 7 Jahren
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
vor 7 Jahren
Add linux.network.systemd support
vor 7 Jahren
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
vor 7 Jahren
Add system.env, system.profile, system.proxy and configure proxy under system.repo
vor 7 Jahren
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
vor 7 Jahren
Initial commit
vor 9 Jahren
Add system.env, system.profile, system.proxy and configure proxy under system.repo
vor 7 Jahren
Initial commit
vor 9 Jahren
Add system.env, system.profile, system.proxy and configure proxy under system.repo
vor 7 Jahren
Initial commit
vor 9 Jahren
Add system.env, system.profile, system.proxy and configure proxy under system.repo
vor 7 Jahren
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
vor 7 Jahren
Add system.env, system.profile, system.proxy and configure proxy under system.repo
vor 7 Jahren
Initial commit
vor 9 Jahren
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
vor 8 Jahren
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
vor 7 Jahren
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
vor 8 Jahren
Initial commit
vor 9 Jahren
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
vor 8 Jahren
Initial commit
vor 9 Jahren
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
vor 8 Jahren
Initial commit
vor 9 Jahren
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
vor 7 Jahren
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
vor 8 Jahren
Allow setting resolv.conf
vor 9 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
Allow setting resolv.conf
vor 9 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
fix options setting in resolv
vor 8 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
vor 7 Jahren
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
vor 7 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
vor 7 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
vor 7 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
vor 7 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
vor 8 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
Allow setting resolv.conf
vor 9 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
vor 7 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
vor 7 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
vor 7 Jahren
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
vor 8 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
vor 7 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
vor 7 Jahren
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
vor 8 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
Adding lacp support for ovs dpdk bond Change-Id: Icd1745d401ec275687a007e6683175a13569f2b4
vor 6 Jahren
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
vor 8 Jahren
[dpdk] Support ovs bridge tagging Bring in "tag" option for dpdk/ovs bridges to support vlan-tagged vxlan mode. Change-Id: I7f1f88233694f2c8b968a6cf55584f32879ec042
vor 7 Jahren
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
vor 8 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
Add ability to add linux network interface into OVS dpdk bridge Change-Id: I1c78c9ccbc14cefff8226db50258b56a713abfd5 Related-Prod: PROD-18111
vor 7 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
Initial commit
vor 9 Jahren
Fix mount examples in the README The enabled flag is mandatory.
vor 8 Jahren
Initial commit
vor 9 Jahren
nfs storage mount
vor 7 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
Initial commit
vor 9 Jahren
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
vor 8 Jahren
add swap partition support
vor 9 Jahren
Support for LVM
vor 9 Jahren
Fix mount examples in the README The enabled flag is mandatory.
vor 8 Jahren
Support for LVM
vor 9 Jahren
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
vor 7 Jahren
add startsector for partitions
vor 7 Jahren
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
vor 7 Jahren
add startsector for partitions
vor 7 Jahren
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
vor 7 Jahren
Extend by mkfs for XFS filesystem Change-Id: I3a6a8fc227cb9abd785b342584038e34d57a4175
vor 7 Jahren
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
vor 7 Jahren
Refactored multipath support
vor 8 Jahren
Presenting pam_ldap auth for linux feature This patch implements pam ldap integration for linux host. Related Prod: PROD-16022 Customer-Found Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
vor 7 Jahren
* Splitting pam modules: - ldap - mkhomedir * Fixing dependency for mkhomedir refresh * Adding an ability to disable and enable moules Prod-Related: EME-220 Change-Id: I94feab03cef82c515c9c430b9828653e87100425
vor 6 Jahren
Presenting pam_ldap auth for linux feature This patch implements pam ldap integration for linux host. Related Prod: PROD-16022 Customer-Found Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
vor 7 Jahren
Refactored multipath support
vor 8 Jahren
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
vor 8 Jahren
Add support for external config generation
vor 8 Jahren
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
vor 7 Jahren
Refactored multipath support
vor 8 Jahren
Initial commit
vor 9 Jahren
Unify Makefile, .gitignore and update readme
vor 8 Jahren
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set:

  35. .. WARNING::

  36. If no 'password' variable has been passed - any predifined password

  37. will be removed.

  38. 

  39. .. code-block:: yaml

  40. 

  41.     linux:

  42.       system:

  43.         ...

  44.         user:

  45.           jdoe:

  46.             name: 'jdoe'

  47.             enabled: true

  48.             sudo: true

  49.             shell: /bin/bash

  50.             full_name: 'Jonh Doe'

  51.             home: '/home/jdoe'

  52.             email: 'jonh@doe.com'

  53.           jsmith:

  54.             name: 'jsmith'

  55.             enabled: true

  56.             full_name: 'With clear password'

  57.             home: '/home/jsmith'

  58.             hash_password: true

  59.             password: "userpassword"

  60.           mark:

  61.             name: 'mark'

  62.             enabled: true

  63.             full_name: "unchange password'

  64.             home: '/home/mark'

  65.             password: false

  66.           elizabeth:

  67.             name: 'elizabeth'

  68.             enabled: true

  69.             full_name: 'With hased password'

  70.             home: '/home/elizabeth'

  71.             password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"

  72. 

  73. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  74. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  75. 

  76. .. code-block:: jinja

  77. 

  78.    # simplified template:

  79.    Cmds_Alias {{ alias }}={{ commands }}

  80.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  81.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  82. 

  83.    # when rendered:

  84.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  85. 

  86. .. code-block:: yaml

  87. 

  88.   linux:

  89.     system:

  90.       sudo:

  91.         enabled: true

  92.         aliases:

  93.           host:

  94.             LOCAL:

  95.             - localhost

  96.             PRODUCTION:

  97.             - db1

  98.             - db2

  99.           runas:

  100.             DBA:

  101.             - postgres

  102.             - mysql

  103.             SALT:

  104.             - root

  105.           command:

  106.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  107.             #       Best practice is to specify full list of commands user is allowed to run.

  108.             SUPPORT_RESTRICTED:

  109.             - /bin/vi /etc/sudoers*

  110.             - /bin/vim /etc/sudoers*

  111.             - /bin/nano /etc/sudoers*

  112.             - /bin/emacs /etc/sudoers*

  113.             - /bin/su - root

  114.             - /bin/su -

  115.             - /bin/su

  116.             - /usr/sbin/visudo

  117.             SUPPORT_SHELLS:

  118.             - /bin/sh

  119.             - /bin/ksh

  120.             - /bin/bash

  121.             - /bin/rbash

  122.             - /bin/dash

  123.             - /bin/zsh

  124.             - /bin/csh

  125.             - /bin/fish

  126.             - /bin/tcsh

  127.             - /usr/bin/login

  128.             - /usr/bin/su

  129.             - /usr/su

  130.             ALL_SALT_SAFE:

  131.             - /usr/bin/salt state*

  132.             - /usr/bin/salt service*

  133.             - /usr/bin/salt pillar*

  134.             - /usr/bin/salt grains*

  135.             - /usr/bin/salt saltutil*

  136.             - /usr/bin/salt-call state*

  137.             - /usr/bin/salt-call service*

  138.             - /usr/bin/salt-call pillar*

  139.             - /usr/bin/salt-call grains*

  140.             - /usr/bin/salt-call saltutil*

  141.             SALT_TRUSTED:

  142.             - /usr/bin/salt*

  143.         users:

  144.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  145.           saltuser1: {}

  146.           saltuser2:

  147.             hosts:

  148.             - LOCAL

  149.           # User Alias DBA

  150.           DBA:

  151.             hosts:

  152.             - ALL

  153.             commands:

  154.             - ALL_SALT_SAFE

  155.         groups:

  156.           db-ops:

  157.             hosts:

  158.             - ALL

  159.             - '!PRODUCTION'

  160.             runas:

  161.             - DBA

  162.             commands:

  163.             - /bin/cat *

  164.             - /bin/less *

  165.             - /bin/ls *

  166.           salt-ops:

  167.             hosts:

  168.             - 'ALL'

  169.             runas:

  170.             - SALT

  171.             commands:

  172.             - SUPPORT_SHELLS

  173.           salt-ops-2nd:

  174.             name: salt-ops

  175.             nopasswd: false

  176.             setenv: true # Enable sudo -E option

  177.             runas:

  178.             - DBA

  179.             commands:

  180.             - ALL

  181.             - '!SUPPORT_SHELLS'

  182.             - '!SUPPORT_RESTRICTED'

  183. 

  184. Linux with package, latest version

  185. 

  186. .. code-block:: yaml

  187. 

  188.     linux:

  189.       system:

  190.         ...

  191.         package:

  192.           package-name:

  193.             version: latest

  194. 

  195. Linux with package from certail repo, version with no upgrades

  196. 

  197. .. code-block:: yaml

  198. 

  199.     linux:

  200.       system:

  201.         ...

  202.         package:

  203.           package-name:

  204.             version: 2132.323

  205.             repo: 'custom-repo'

  206.             hold: true

  207. 

  208. Linux with package from certail repo, version with no GPG verification

  209. 

  210. .. code-block:: yaml

  211. 

  212.     linux:

  213.       system:

  214.         ...

  215.         package:

  216.           package-name:

  217.             version: 2132.323

  218.             repo: 'custom-repo'

  219.             verify: false

  220. 

  221. Linux with autoupdates (automatically install security package updates)

  222. 

  223. .. code-block:: yaml

  224. 

  225.     linux:

  226.       system:

  227.         ...

  228.         autoupdates:

  229.           enabled: true

  230.           mail: root@localhost

  231.           mail_only_on_error: true

  232.           remove_unused_dependencies: false

  233.           automatic_reboot: true

  234.           automatic_reboot_time: "02:00"

  235. 

  236. Linux with cron jobs

  237. By default it will use name as an identifier, unless identifier key is

  238. explicitly set or False (then it will use Salt's default behavior which is

  239. identifier same as command resulting in not being able to change it)

  240. 

  241. .. code-block:: yaml

  242. 

  243.     linux:

  244.       system:

  245.         ...

  246.         job:

  247.           cmd1:

  248.             command: '/cmd/to/run'

  249.             identifier: cmd1

  250.             enabled: true

  251.             user: 'root'

  252.             hour: 2

  253.             minute: 0

  254. 

  255. Linux security limits (limit sensu user memory usage to max 1GB):

  256. 

  257. .. code-block:: yaml

  258. 

  259.     linux:

  260.       system:

  261.         ...

  262.         limit:

  263.           sensu:

  264.             enabled: true

  265.             domain: sensu

  266.             limits:

  267.               - type: hard

  268.                 item: as

  269.                 value: 1000000

  270. 

  271. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  272. 

  273. .. code-block:: yaml

  274. 

  275.     linux:

  276.       system:

  277.         console:

  278.           tty1:

  279.             autologin: root

  280.           # Enable serial console

  281.           ttyS0:

  282.             autologin: root

  283.             rate: 115200

  284.             term: xterm

  285. 

  286. To disable set autologin to `false`.

  287. 

  288. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  289. command in ``while true`` loop and ``case`` context.

  290. Following will disallow dpkg to stop/start services for cassandra package automatically:

  291. 

  292. .. code-block:: yaml

  293. 

  294.     linux:

  295.       system:

  296.         policyrcd:

  297.           - package: cassandra

  298.             action: exit 101

  299.           - package: '*'

  300.             action: switch

  301. 

  302. Set system locales:

  303. 

  304. .. code-block:: yaml

  305. 

  306.     linux:

  307.       system:

  308.         locale:

  309.           en_US.UTF-8:

  310.             default: true

  311.           "cs_CZ.UTF-8 UTF-8":

  312.             enabled: true

  313. 

  314. Systemd settings:

  315. 

  316. .. code-block:: yaml

  317. 

  318.     linux:

  319.       system:

  320.         ...

  321.         systemd:

  322.           system:

  323.             Manager:

  324.               DefaultLimitNOFILE: 307200

  325.               DefaultLimitNPROC: 307200

  326.           user:

  327.             Manager:

  328.               DefaultLimitCPU: 2

  329.               DefaultLimitNPROC: 4

  330. 

  331. Ensure presence of directory:

  332. 

  333. .. code-block:: yaml

  334. 

  335.     linux:

  336.       system:

  337.         directory:

  338.           /tmp/test:

  339.             user: root

  340.             group: root

  341.             mode: 700

  342.             makedirs: true

  343. 

  344. Ensure presence of file by specifying it's source:

  345. 

  346. .. code-block:: yaml

  347. 

  348.     linux:

  349.       system:

  350.         file:

  351.           /tmp/test.txt:

  352.             source: http://example.com/test.txt

  353.             user: root #optional

  354.             group: root #optional

  355.             mode: 700 #optional

  356.             dir_mode: 700 #optional

  357.             encoding: utf-8 #optional

  358.             hash: <<hash>> or <<URI to hash>> #optional

  359.             makedirs: true #optional

  360. 

  361.     linux:

  362.       system:

  363.         file:

  364.           test.txt:

  365.             name: /tmp/test.txt

  366.             source: http://example.com/test.txt

  367. 

  368. Ensure presence of file by specifying it's contents:

  369. 

  370. .. code-block:: yaml

  371. 

  372.     linux:

  373.       system:

  374.         file:

  375.           /tmp/test.txt:

  376.             contents: |

  377.               line1

  378.               line2

  379. 

  380.     linux:

  381.       system:

  382.         file:

  383.           /tmp/test.txt:

  384.             contents_pillar: linux:network:hostname

  385. 

  386.     linux:

  387.       system:

  388.         file:

  389.           /tmp/test.txt:

  390.             contents_grains: motd

  391. 

  392. Ensure presence of file to be serialized through one of the serializer modules

  393. (see: https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):

  394. 

  395. .. code-block:: yaml

  396. 

  397.     linux:

  398.       system:

  399.         file:

  400.           /tmp/test.json:

  401.             serialize: json

  402.             contents:

  403.               foo: 1

  404.               bar: 'bar'

  405. 

  406. Kernel

  407. ~~~~~~

  408. 

  409. Install always up to date LTS kernel and headers from Ubuntu trusty:

  410. 

  411. .. code-block:: yaml

  412. 

  413.     linux:

  414.       system:

  415.         kernel:

  416.           type: generic

  417.           lts: trusty

  418.           headers: true

  419. 

  420. Load kernel modules and add them to `/etc/modules`:

  421. 

  422. .. code-block:: yaml

  423. 

  424.     linux:

  425.       system:

  426.         kernel:

  427.           modules:

  428.             - nf_conntrack

  429.             - tp_smapi

  430.             - 8021q

  431. 

  432. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example

  433. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:

  434. 

  435. .. code-block:: yaml

  436. 

  437.     linux:

  438.       system:

  439.         kernel:

  440.           module:

  441.             nf_conntrack:

  442.               option:

  443.                 hashsize: 262144

  444. 

  445. 

  446. 

  447. Install specific kernel version and ensure all other kernel packages are

  448. not present. Also install extra modules and headers for this kernel:

  449. 

  450. .. code-block:: yaml

  451. 

  452.     linux:

  453.       system:

  454.         kernel:

  455.           type: generic

  456.           extra: true

  457.           headers: true

  458.           version: 4.2.0-22

  459. 

  460. Systcl kernel parameters

  461. 

  462. .. code-block:: yaml

  463. 

  464.     linux:

  465.       system:

  466.         kernel:

  467.           sysctl:

  468.             net.ipv4.tcp_keepalive_intvl: 3

  469.             net.ipv4.tcp_keepalive_time: 30

  470.             net.ipv4.tcp_keepalive_probes: 8

  471. 

  472. Configure kernel boot options:

  473. 

  474. .. code-block:: yaml

  475. 

  476.     linux:

  477.       system:

  478.         kernel:

  479.           boot_options:

  480.             - elevator=deadline

  481.             - spectre_v2=off

  482.             - nopti

  483. 

  484. 

  485. CPU

  486. ~~~

  487. 

  488. Enable cpufreq governor for every cpu:

  489. 

  490. .. code-block:: yaml

  491. 

  492.     linux:

  493.       system:

  494.         cpu:

  495.           governor: performance

  496. 

  497. 

  498. CGROUPS

  499. ~~~~~~~

  500. 

  501. Setup linux cgroups:

  502. 

  503. .. code-block:: yaml

  504. 

  505.     linux:

  506.       system:

  507.         cgroup:

  508.           enabled: true

  509.           group:

  510.             ceph_group_1:

  511.               controller:

  512.                 cpu:

  513.                   shares:

  514.                     value: 250

  515.                 cpuacct:

  516.                   usage:

  517.                     value: 0

  518.                 cpuset:

  519.                   cpus:

  520.                     value: 1,2,3

  521.                 memory:

  522.                   limit_in_bytes:

  523.                     value: 2G

  524.                   memsw.limit_in_bytes:

  525.                     value: 3G

  526.               mapping:

  527.                 subjects:

  528.                 - '@ceph'

  529.             generic_group_1:

  530.               controller:

  531.                 cpu:

  532.                   shares:

  533.                     value: 250

  534.                 cpuacct:

  535.                   usage:

  536.                     value: 0

  537.               mapping:

  538.                 subjects:

  539.                 - '*:firefox'

  540.                 - 'student:cp'

  541. 

  542. 

  543. Shared Libraries

  544. ~~~~~~~~~~~~~~~~

  545. 

  546. Set additional shared library to Linux system library path

  547. 

  548. .. code-block:: yaml

  549. 

  550.     linux:

  551.       system:

  552.         ld:

  553.           library:

  554.             java:

  555.               - /usr/lib/jvm/jre-openjdk/lib/amd64/server

  556.               - /opt/java/jre/lib/amd64/server

  557. 

  558. 

  559. Certificates

  560. ~~~~~~~~~~~~

  561. 

  562. Add certificate authority into system trusted CA bundle

  563. 

  564. .. code-block:: yaml

  565. 

  566.     linux:

  567.       system:

  568.         ca_certificates:

  569.           mycert: |

  570.             -----BEGIN CERTIFICATE-----

  571.             MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG

  572.             A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz

  573.             cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2

  574.             MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV

  575.             BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt

  576.             YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN

  577.             ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE

  578.             BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is

  579.             I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G

  580.             CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do

  581.             lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc

  582.             AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k

  583.             -----END CERTIFICATE-----

  584. 

  585. Sysfs

  586. ~~~~~

  587. 

  588. Install sysfsutils and set sysfs attributes:

  589. 

  590. .. code-block:: yaml

  591. 

  592.     linux:

  593.       system:

  594.         sysfs:

  595.           scheduler:

  596.             block/sda/queue/scheduler: deadline

  597.           power:

  598.             mode:

  599.               power/state: 0660

  600.             owner:

  601.               power/state: "root:power"

  602.             devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

  603. 

  604. Optional: You can also use list that will ensure order of items.

  605. 

  606. .. code-block:: yaml

  607. 

  608.     linux:

  609.       system:

  610.         sysfs:

  611.           scheduler:

  612.             block/sda/queue/scheduler: deadline

  613.           power:

  614.             - mode:

  615.                 power/state: 0660

  616.             - owner:

  617.                 power/state: "root:power"

  618.             - devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

  619. 

  620. Huge Pages

  621. ~~~~~~~~~~~~

  622. 

  623. Huge Pages give a performance boost to applications that intensively deal

  624. with memory allocation/deallocation by decreasing memory fragmentation.

  625. 

  626. .. code-block:: yaml

  627. 

  628.     linux:

  629.       system:

  630.         kernel:

  631.           hugepages:

  632.             small:

  633.               size: 2M

  634.               count: 107520

  635.               mount_point: /mnt/hugepages_2MB

  636.               mount: false/true # default is true (mount immediately) / false (just save in the fstab)

  637.             large:

  638.               default: true # default automatically mounted

  639.               size: 1G

  640.               count: 210

  641.               mount_point: /mnt/hugepages_1GB

  642. 

  643. Note: not recommended to use both pagesizes in concurrently.

  644. 

  645. Intel SR-IOV

  646. ~~~~~~~~~~~~

  647. 

  648. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  649. 

  650. .. code-block:: yaml

  651. 

  652.     linux:

  653.       system:

  654.         kernel:

  655.           sriov: True

  656.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  657.         rc:

  658.           local: |

  659.             #!/bin/sh -e

  660.             # Enable 7 VF on eth1

  661.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  662.             exit 0

  663. 

  664. Isolate CPU options

  665. ~~~~~~~~~~~~~~~~~~~

  666. 

  667. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  668. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  669. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  670. maximum value is 1 less than the number of CPUs on the system.

  671. 

  672. .. code-block:: yaml

  673. 

  674.     linux:

  675.       system:

  676.         kernel:

  677.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  678. 

  679. Repositories

  680. ~~~~~~~~~~~~

  681. 

  682. RedHat based Linux with additional OpenStack repo

  683. 

  684. .. code-block:: yaml

  685. 

  686.     linux:

  687.       system:

  688.         ...

  689.         repo:

  690.           rdo-icehouse:

  691.             enabled: true

  692.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  693.             pgpcheck: 0

  694. 

  695. Ensure system repository to use czech Debian mirror (``default: true``)

  696. Also pin it's packages with priority 900.

  697. 

  698. .. code-block:: yaml

  699. 

  700.    linux:

  701.      system:

  702.        repo:

  703.          debian:

  704.            default: true

  705.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  706.            # Import signing key from URL if needed

  707.            key_url: "http://dummy.com/public.gpg"

  708.            pin:

  709.              - pin: 'origin "ftp.cz.debian.org"'

  710.                priority: 900

  711.                package: '*'

  712. 

  713. 

  714. Package manager proxy setup globally:

  715. 

  716. .. code-block:: yaml

  717. 

  718.     linux:

  719.       system:

  720.         ...

  721.         repo:

  722.           apt-mk:

  723.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  724.         ...

  725.         proxy:

  726.           pkg:

  727.             enabled: true

  728.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  729.           ...

  730.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  731.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  732.           #

  733.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  734.           # as for https and http

  735.           ftp:   ftp://proxy.host.local:2121

  736.           http:  http://proxy.host.local:3142

  737.           https: https://proxy.host.local:3143

  738. 

  739. Package manager proxy setup per repository:

  740. 

  741. .. code-block:: yaml

  742. 

  743.     linux:

  744.       system:

  745.         ...

  746.         repo:

  747.           debian:

  748.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  749.         ...

  750.           apt-mk:

  751.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  752.             # per repository proxy

  753.             proxy:

  754.               enabled: true

  755.               http:  http://maas-01:8080

  756.               https: http://maas-01:8080

  757.         ...

  758.         proxy:

  759.           # package manager fallback defaults

  760.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  761.           pkg:

  762.             enabled: true

  763.             ftp:   ftp://proxy.host.local:2121

  764.             #http:  http://proxy.host.local:3142

  765.             #https: https://proxy.host.local:3143

  766.           ...

  767.           # global system fallback system defaults

  768.           ftp:   ftp://proxy.host.local:2121

  769.           http:  http://proxy.host.local:3142

  770.           https: https://proxy.host.local:3143

  771. 

  772. 

  773. Remove all repositories:

  774. 

  775. .. code-block:: yaml

  776. 

  777.     linux:

  778.       system:

  779.         purge_repos: true

  780. 

  781. Setup custom apt config options:

  782. 

  783. .. code-block:: yaml

  784. 

  785.     linux:

  786.       system:

  787.         apt:

  788.           config:

  789.             compression-workaround:

  790.               "Acquire::CompressionTypes::Order": "gz"

  791.             docker-clean:

  792.               "DPkg::Post-Invoke":

  793.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  794.               "APT::Update::Post-Invoke":

  795.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  796. 

  797. RC

  798. ~~

  799. 

  800. rc.local example

  801. 

  802. .. code-block:: yaml

  803. 

  804.    linux:

  805.      system:

  806.        rc:

  807.          local: |

  808.            #!/bin/sh -e

  809.            #

  810.            # rc.local

  811.            #

  812.            # This script is executed at the end of each multiuser runlevel.

  813.            # Make sure that the script will "exit 0" on success or any other

  814.            # value on error.

  815.            #

  816.            # In order to enable or disable this script just change the execution

  817.            # bits.

  818.            #

  819.            # By default this script does nothing.

  820.            exit 0

  821. 

  822. 

  823. Prompt

  824. ~~~~~~

  825. 

  826. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  827. user can have different prompt.

  828. 

  829. .. code-block:: yaml

  830. 

  831.     linux:

  832.       system:

  833.         prompt:

  834.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  835.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  836. 

  837. On Debian systems to set prompt system-wide it's necessary to remove setting

  838. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  839. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  840. touch existing user's ``~/.bashrc`` files except root.

  841. 

  842. Bash

  843. ~~~~

  844. 

  845. Fix bash configuration to preserve history across sessions (like ZSH does by

  846. default).

  847. 

  848. .. code-block:: yaml

  849. 

  850.     linux:

  851.       system:

  852.         bash:

  853.           preserve_history: true

  854. 

  855. Login banner message

  856. ~~~~~~~~~~~~~~~~~~~~

  857. 

  858. /etc/issue is a text file which contains a message or system

  859. identification to be printed before the login prompt.  It may contain

  860. various @char and \char sequences, if supported by the getty-type

  861. program employed on the system.

  862. 

  863. Setting logon banner message is easy:

  864. 

  865. .. code-block:: yaml

  866. 

  867.     liunx:

  868.       system:

  869.         banner:

  870.           enabled: true

  871.           contents: |

  872.             UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED

  873. 

  874.             You must have explicit, authorized permission to access or configure this

  875.             device. Unauthorized attempts and actions to access or use this system may

  876.             result in civil and/or criminal penalties.

  877.             All activities performed on this system are logged and monitored.

  878. 

  879. Message of the day

  880. ~~~~~~~~~~~~~~~~~~

  881. 

  882. ``pam_motd`` from package ``libpam-modules`` is used for dynamic messages of the

  883. day. Setting custom motd will cleanup existing ones.

  884. 

  885. Setting static motd will replace existing ``/etc/motd`` and remove scripts from

  886. ``/etc/update-motd.d``.

  887. 

  888. Setting static motd:

  889. 

  890. .. code-block:: yaml

  891. 

  892.     linux:

  893.       system:

  894.         motd: |

  895.           UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED

  896. 

  897.           You must have explicit, authorized permission to access or configure this

  898.           device. Unauthorized attempts and actions to access or use this system may

  899.           result in civil and/or criminal penalties.

  900.           All activities performed on this system are logged and monitored.

  901. 

  902. Setting dynamic motd:

  903. 

  904. .. code-block:: yaml

  905. 

  906.     linux:

  907.       system:

  908.         motd:

  909.           - release: |

  910.               #!/bin/sh

  911.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  912. 

  913.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  914.               	# Fall back to using the very slow lsb_release utility

  915.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  916.               fi

  917. 

  918.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  919.           - warning: |

  920.               #!/bin/sh

  921.               printf "This is [company name] network.\n"

  922.               printf "Unauthorized access strictly prohibited.\n"

  923. 

  924. Services

  925. ~~~~~~~~

  926. 

  927. Stop and disable linux service:

  928. 

  929. .. code-block:: yaml

  930. 

  931.     linux:

  932.       system:

  933.         service:

  934.           apt-daily.timer:

  935.             status: dead

  936. 

  937. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.

  938. 

  939. Linux with atop service:

  940. 

  941. .. code-block:: yaml

  942. 

  943.     linux:

  944.       system:

  945.         atop:

  946.           enabled: true

  947.           interval: 20

  948.           logpath: "/var/log/atop"

  949.           outfile: "/var/log/atop/daily.log"

  950. 

  951. Linux with mcelog service:

  952. 

  953. .. code-block:: yaml

  954. 

  955.     linux:

  956.       system:

  957.         mcelog:

  958.           enabled: true

  959.           logging:

  960.             syslog: true

  961.             syslog_error: true

  962. 

  963. RHEL / CentOS

  964. ^^^^^^^^^^^^^

  965. 

  966. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  967. no native support for dynamic motd.

  968. You can still set static one, only pillar structure differs:

  969. 

  970. .. code-block:: yaml

  971. 

  972.     linux:

  973.       system:

  974.         motd: |

  975.           This is [company name] network.

  976.           Unauthorized access strictly prohibited.

  977. 

  978. Haveged

  979. ~~~~~~~

  980. 

  981. If you are running headless server and are low on entropy, it may be a good

  982. idea to setup Haveged.

  983. 

  984. .. code-block:: yaml

  985. 

  986.     linux:

  987.       system:

  988.         haveged:

  989.           enabled: true

  990. 

  991. Linux network

  992. -------------

  993. 

  994. Linux with network manager

  995. 

  996. .. code-block:: yaml

  997. 

  998.     linux:

  999.       network:

  1000.         enabled: true

  1001.         network_manager: true

  1002. 

  1003. Linux with default static network interfaces, default gateway interface and DNS servers

  1004. 

  1005. .. code-block:: yaml

  1006. 

  1007.     linux:

  1008.       network:

  1009.         enabled: true

  1010.         interface:

  1011.           eth0:

  1012.             enabled: true

  1013.             type: eth

  1014.             address: 192.168.0.102

  1015.             netmask: 255.255.255.0

  1016.             gateway: 192.168.0.1

  1017.             name_servers:

  1018.             - 8.8.8.8

  1019.             - 8.8.4.4

  1020.             mtu: 1500

  1021. 

  1022. Linux with bonded interfaces and disabled NetworkManager

  1023. 

  1024. .. code-block:: yaml

  1025. 

  1026.     linux:

  1027.       network:

  1028.         enabled: true

  1029.         interface:

  1030.           eth0:

  1031.             type: eth

  1032.             ...

  1033.           eth1:

  1034.             type: eth

  1035.             ...

  1036.           bond0:

  1037.             enabled: true

  1038.             type: bond

  1039.             address: 192.168.0.102

  1040.             netmask: 255.255.255.0

  1041.             mtu: 1500

  1042.             use_in:

  1043.             - interface: ${linux:interface:eth0}

  1044.             - interface: ${linux:interface:eth0}

  1045.         network_manager:

  1046.           disable: true

  1047. 

  1048. Linux with vlan interface_params

  1049. 

  1050. .. code-block:: yaml

  1051. 

  1052.     linux:

  1053.       network:

  1054.         enabled: true

  1055.         interface:

  1056.           vlan69:

  1057.             type: vlan

  1058.             use_interfaces:

  1059.             - interface: ${linux:interface:bond0}

  1060. 

  1061. Linux with wireless interface parameters

  1062. 

  1063. .. code-block:: yaml

  1064. 

  1065.     linux:

  1066.       network:

  1067.         enabled: true

  1068.         gateway: 10.0.0.1

  1069.         default_interface: eth0

  1070.         interface:

  1071.           wlan0:

  1072.             type: eth

  1073.             wireless:

  1074.               essid: example

  1075.               key: example_key

  1076.               security: wpa

  1077.               priority: 1

  1078. 

  1079. Linux networks with routes defined

  1080. 

  1081. .. code-block:: yaml

  1082. 

  1083.     linux:

  1084.       network:

  1085.         enabled: true

  1086.         gateway: 10.0.0.1

  1087.         default_interface: eth0

  1088.         interface:

  1089.           eth0:

  1090.             type: eth

  1091.             route:

  1092.               default:

  1093.                 address: 192.168.0.123

  1094.                 netmask: 255.255.255.0

  1095.                 gateway: 192.168.0.1

  1096. 

  1097. Native Linux Bridges

  1098. 

  1099. .. code-block:: yaml

  1100. 

  1101.     linux:

  1102.       network:

  1103.         interface:

  1104.           eth1:

  1105.             enabled: true

  1106.             type: eth

  1107.             proto: manual

  1108.             up_cmds:

  1109.             - ip address add 0/0 dev $IFACE

  1110.             - ip link set $IFACE up

  1111.             down_cmds:

  1112.             - ip link set $IFACE down

  1113.           br-ex:

  1114.             enabled: true

  1115.             type: bridge

  1116.             address: ${linux:network:host:public_local:address}

  1117.             netmask: 255.255.255.0

  1118.             use_interfaces:

  1119.             - eth1

  1120. 

  1121. OpenVswitch Bridges

  1122. 

  1123. .. code-block:: yaml

  1124. 

  1125.     linux:

  1126.       network:

  1127.         bridge: openvswitch

  1128.         interface:

  1129.           eth1:

  1130.             enabled: true

  1131.             type: eth

  1132.             proto: manual

  1133.             up_cmds:

  1134.             - ip address add 0/0 dev $IFACE

  1135.             - ip link set $IFACE up

  1136.             down_cmds:

  1137.             - ip link set $IFACE down

  1138.           br-ex:

  1139.             enabled: true

  1140.             type: bridge

  1141.             address: ${linux:network:host:public_local:address}

  1142.             netmask: 255.255.255.0

  1143.             use_interfaces:

  1144.             - eth1

  1145.           br-prv:

  1146.             enabled: true

  1147.             type: ovs_bridge

  1148.             mtu: 65000

  1149.           br-ens7:

  1150.             enabled: true

  1151.             name: br-ens7

  1152.             type: ovs_bridge

  1153.             proto: manual

  1154.             mtu: 9000

  1155.             use_interfaces:

  1156.             - ens7

  1157.           patch-br-ens7-br-prv:

  1158.             enabled: true

  1159.             name: ens7-prv

  1160.             ovs_type: ovs_port

  1161.             type: ovs_port

  1162.             bridge: br-ens7

  1163.             port_type: patch

  1164.             peer: prv-ens7

  1165.             tag: 109 # [] to unset a tag

  1166.             mtu: 65000

  1167.           patch-br-prv-br-ens7:

  1168.             enabled: true

  1169.             name: prv-ens7

  1170.             bridge: br-prv

  1171.             ovs_type: ovs_port

  1172.             type: ovs_port

  1173.             port_type: patch

  1174.             peer: ens7-prv

  1175.             tag: 109

  1176.             mtu: 65000

  1177.           ens7:

  1178.             enabled: true

  1179.             name: ens7

  1180.             proto: manual

  1181.             ovs_port_type: OVSPort

  1182.             type: ovs_port

  1183.             ovs_bridge: br-ens7

  1184.             bridge: br-ens7

  1185. 

  1186. Debian manual proto interfaces

  1187. 

  1188. When you are changing interface proto from static in up state to manual, you

  1189. may need to flush ip addresses. For example, if you want to use the interface

  1190. and the ip on the bridge. This can be done by setting the ``ipflush_onchange``

  1191. to true.

  1192. 

  1193. .. code-block:: yaml

  1194. 

  1195.     linux:

  1196.       network:

  1197.         interface:

  1198.           eth1:

  1199.             enabled: true

  1200.             type: eth

  1201.             proto: manual

  1202.             mtu: 9100

  1203.             ipflush_onchange: true

  1204. 

  1205. Debian static proto interfaces

  1206. 

  1207. When you are changing interface proto from dhcp in up state to static, you

  1208. may need to flush ip addresses and restart interface to assign ip address from a managed file.

  1209. For example, if you want to use the interface and the ip on the bridge.

  1210. This can be done by setting the ``ipflush_onchange`` with combination

  1211. ``restart_on_ipflush`` param set to to true.

  1212. 

  1213. .. code-block:: yaml

  1214. 

  1215.     linux:

  1216.       network:

  1217.         interface:

  1218.           eth1:

  1219.             enabled: true

  1220.             type: eth

  1221.             proto: static

  1222.             address: 10.1.0.22

  1223.             netmask: 255.255.255.0

  1224.             ipflush_onchange: true

  1225.             restart_on_ipflush: true

  1226. 

  1227. Concatinating and removing interface files

  1228. 

  1229. Debian based distributions have `/etc/network/interfaces.d/` directory, where

  1230. you can store configuration of network interfaces in separate files. You can

  1231. concatinate the files to the defined destination when needed, this operation

  1232. removes the file from the `/etc/network/interfaces.d/`. If you just need to

  1233. remove iface files, you can use the `remove_iface_files` key.

  1234. 

  1235. .. code-block:: yaml

  1236. 

  1237.     linux:

  1238.       network:

  1239.         concat_iface_files:

  1240.         - src: '/etc/network/interfaces.d/50-cloud-init.cfg'

  1241.           dst: '/etc/network/interfaces'

  1242.         remove_iface_files:

  1243.         - '/etc/network/interfaces.d/90-custom.cfg'

  1244. 

  1245. 

  1246. DHCP client configuration

  1247. 

  1248. None of the keys is mandatory, include only those you really need. For full list

  1249. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  1250. 

  1251. .. code-block:: yaml

  1252. 

  1253.      linux:

  1254.        network:

  1255.          dhclient:

  1256.            enabled: true

  1257.            backoff_cutoff: 15

  1258.            initial_interval: 10

  1259.            reboot: 10

  1260.            retry: 60

  1261.            select_timeout: 0

  1262.            timeout: 120

  1263.            send:

  1264.              - option: host-name

  1265.                declaration: "= gethostname()"

  1266.            supersede:

  1267.              - option: host-name

  1268.                declaration: "spaceship"

  1269.              - option: domain-name

  1270.                declaration: "domain.home"

  1271.              #- option: arp-cache-timeout

  1272.              #  declaration: 20

  1273.            prepend:

  1274.              - option: domain-name-servers

  1275.                declaration:

  1276.                  - 8.8.8.8

  1277.                  - 8.8.4.4

  1278.              - option: domain-search

  1279.                declaration:

  1280.                  - example.com

  1281.                  - eng.example.com

  1282.            #append:

  1283.              #- option: domain-name-servers

  1284.              #  declaration: 127.0.0.1

  1285.            # ip or subnet to reject dhcp offer from

  1286.            reject:

  1287.              - 192.33.137.209

  1288.              - 10.0.2.0/24

  1289.            request:

  1290.              - subnet-mask

  1291.              - broadcast-address

  1292.              - time-offset

  1293.              - routers

  1294.              - domain-name

  1295.              - domain-name-servers

  1296.              - domain-search

  1297.              - host-name

  1298.              - dhcp6.name-servers

  1299.              - dhcp6.domain-search

  1300.              - dhcp6.fqdn

  1301.              - dhcp6.sntp-servers

  1302.              - netbios-name-servers

  1303.              - netbios-scope

  1304.              - interface-mtu

  1305.              - rfc3442-classless-static-routes

  1306.              - ntp-servers

  1307.            require:

  1308.              - subnet-mask

  1309.              - domain-name-servers

  1310.            # if per interface configuration required add below

  1311.            interface:

  1312.              ens2:

  1313.                initial_interval: 11

  1314.                reject:

  1315.                  - 192.33.137.210

  1316.              ens3:

  1317.                initial_interval: 12

  1318.                reject:

  1319.                  - 192.33.137.211

  1320. 

  1321. Linux network systemd settings:

  1322. 

  1323. .. code-block:: yaml

  1324. 

  1325.     linux:

  1326.       network:

  1327.         ...

  1328.         systemd:

  1329.           link:

  1330.             10-iface-dmz:

  1331.               Match:

  1332.                 MACAddress: c8:5b:67:fa:1a:af

  1333.                 OriginalName: eth0

  1334.               Link:

  1335.                 Name: dmz0

  1336.           netdev:

  1337.             20-bridge-dmz:

  1338.               match:

  1339.                 name: dmz0

  1340.               network:

  1341.                 mescription: bridge

  1342.                 bridge: br-dmz0

  1343.           network:

  1344.           # works with lowercase, keys are by default capitalized

  1345.             40-dhcp:

  1346.               match:

  1347.                 name: '*'

  1348.               network:

  1349.                 DHCP: yes

  1350. 

  1351. 

  1352. Configure global environment variables

  1353. 

  1354. Use ``/etc/environment`` for static system wide variable assignment after

  1355. boot. Variable expansion is frequently not supported.

  1356. 

  1357. .. code-block:: yaml

  1358. 

  1359.     linux:

  1360.       system:

  1361.         env:

  1362.           BOB_VARIABLE: Alice

  1363.           ...

  1364.           BOB_PATH:

  1365.             - /srv/alice/bin

  1366.             - /srv/bob/bin

  1367.           ...

  1368.           ftp_proxy:   none

  1369.           http_proxy:  http://global-http-proxy.host.local:8080

  1370.           https_proxy: ${linux:system:proxy:https}

  1371.           no_proxy:

  1372.             - 192.168.0.80

  1373.             - 192.168.1.80

  1374.             - .domain.com

  1375.             - .local

  1376.         ...

  1377.         # NOTE: global defaults proxy configuration.

  1378.         proxy:

  1379.           ftp:   ftp://proxy.host.local:2121

  1380.           http:  http://proxy.host.local:3142

  1381.           https: https://proxy.host.local:3143

  1382.           noproxy:

  1383.             - .domain.com

  1384.             - .local

  1385. 

  1386. Configure profile.d scripts

  1387. 

  1388. The profile.d scripts are being sourced during .sh execution and support

  1389. variable expansion in opposite to /etc/environment global settings in

  1390. ``/etc/environment``.

  1391. 

  1392. .. code-block:: yaml

  1393. 

  1394.     linux:

  1395.       system:

  1396.         profile:

  1397.           locales: |

  1398.             export LANG=C

  1399.             export LC_ALL=C

  1400.           ...

  1401.           vi_flavors.sh: |

  1402.             export PAGER=view

  1403.             export EDITOR=vim

  1404.             alias vi=vim

  1405.           shell_locales.sh: |

  1406.             export LANG=en_US

  1407.             export LC_ALL=en_US.UTF-8

  1408.           shell_proxies.sh: |

  1409.             export FTP_PROXY=ftp://127.0.3.3:2121

  1410.             export NO_PROXY='.local'

  1411. 

  1412. Linux with hosts

  1413. 

  1414. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  1415. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  1416. and hostname + fqdn.

  1417. 

  1418. It's good to use this option if you want to ensure /etc/hosts is always in a

  1419. clean state however it's not enabled by default for safety.

  1420. 

  1421. .. code-block:: yaml

  1422. 

  1423.     linux:

  1424.       network:

  1425.         purge_hosts: true

  1426.         host:

  1427.           # No need to define this one if purge_hosts is true

  1428.           hostname:

  1429.             address: 127.0.1.1

  1430.             names:

  1431.             - ${linux:network:fqdn}

  1432.             - ${linux:network:hostname}

  1433.           node1:

  1434.             address: 192.168.10.200

  1435.             names:

  1436.             - node2.domain.com

  1437.             - service2.domain.com

  1438.           node2:

  1439.             address: 192.168.10.201

  1440.             names:

  1441.             - node2.domain.com

  1442.             - service2.domain.com

  1443. 

  1444. Linux with hosts collected from mine

  1445. 

  1446. In this case all dns records defined within infrastrucuture will be passed to

  1447. local hosts records or any DNS server. Only hosts with `grain` parameter to

  1448. true will be propagated to the mine.

  1449. 

  1450. .. code-block:: yaml

  1451. 

  1452.     linux:

  1453.       network:

  1454.         purge_hosts: true

  1455.         mine_dns_records: true

  1456.         host:

  1457.           node1:

  1458.             address: 192.168.10.200

  1459.             grain: true

  1460.             names:

  1461.             - node2.domain.com

  1462.             - service2.domain.com

  1463. 

  1464. Setup resolv.conf, nameservers, domain and search domains

  1465. 

  1466. .. code-block:: yaml

  1467. 

  1468.     linux:

  1469.       network:

  1470.         resolv:

  1471.           dns:

  1472.           - 8.8.4.4

  1473.           - 8.8.8.8

  1474.           domain: my.example.com

  1475.           search:

  1476.           - my.example.com

  1477.           - example.com

  1478.           options:

  1479.           - ndots: 5

  1480.           - timeout: 2

  1481.           - attempts: 2

  1482. 

  1483. setting custom TX queue length for tap interfaces

  1484. 

  1485. .. code-block:: yaml

  1486. 

  1487.     linux:

  1488.       network:

  1489.         tap_custom_txqueuelen: 10000

  1490. 

  1491. DPDK OVS interfaces

  1492. 

  1493. **DPDK OVS NIC**

  1494. 

  1495. .. code-block:: yaml

  1496. 

  1497.     linux:

  1498.       network:

  1499.         bridge: openvswitch

  1500.         dpdk:

  1501.           enabled: true

  1502.           driver: uio/vfio

  1503.         openvswitch:

  1504.           pmd_cpu_mask: "0x6"

  1505.           dpdk_socket_mem: "1024,1024"

  1506.           dpdk_lcore_mask: "0x400"

  1507.           memory_channels: 2

  1508.         interface:

  1509.           dpkd0:

  1510.             name: ${_param:dpdk_nic}

  1511.             pci: 0000:06:00.0

  1512.             driver: igb_uio/vfio-pci

  1513.             enabled: true

  1514.             type: dpdk_ovs_port

  1515.             n_rxq: 2

  1516.             pmd_rxq_affinity: "0:1,1:2"

  1517.             bridge: br-prv

  1518.             mtu: 9000

  1519.           br-prv:

  1520.             enabled: true

  1521.             type: dpdk_ovs_bridge

  1522. 

  1523. **DPDK OVS Bond**

  1524. 

  1525. .. code-block:: yaml

  1526. 

  1527.     linux:

  1528.       network:

  1529.         bridge: openvswitch

  1530.         dpdk:

  1531.           enabled: true

  1532.           driver: uio/vfio

  1533.         openvswitch:

  1534.           pmd_cpu_mask: "0x6"

  1535.           dpdk_socket_mem: "1024,1024"

  1536.           dpdk_lcore_mask: "0x400"

  1537.           memory_channels: 2

  1538.         interface:

  1539.           dpdk_second_nic:

  1540.             name: ${_param:primary_second_nic}

  1541.             pci: 0000:06:00.0

  1542.             driver: igb_uio/vfio-pci

  1543.             bond: dpdkbond0

  1544.             enabled: true

  1545.             type: dpdk_ovs_port

  1546.             n_rxq: 2

  1547.             pmd_rxq_affinity: "0:1,1:2"

  1548.             mtu: 9000

  1549.           dpdk_first_nic:

  1550.             name: ${_param:primary_first_nic}

  1551.             pci: 0000:05:00.0

  1552.             driver: igb_uio/vfio-pci

  1553.             bond: dpdkbond0

  1554.             enabled: true

  1555.             type: dpdk_ovs_port

  1556.             n_rxq: 2

  1557.             pmd_rxq_affinity: "0:1,1:2"

  1558.             mtu: 9000

  1559.           dpdkbond0:

  1560.             enabled: true

  1561.             bridge: br-prv

  1562.             type: dpdk_ovs_bond

  1563.             mode: active-backup

  1564.           br-prv:

  1565.             enabled: true

  1566.             type: dpdk_ovs_bridge

  1567. 

  1568. **DPDK OVS LACP Bond with vlan tag**

  1569. 

  1570. .. code-block:: yaml

  1571. 

  1572.     linux:

  1573.       network:

  1574.         bridge: openvswitch

  1575.         dpdk:

  1576.           enabled: true

  1577.           driver: uio

  1578.         openvswitch:

  1579.           pmd_cpu_mask: "0x6"

  1580.           dpdk_socket_mem: "1024,1024"

  1581.           dpdk_lcore_mask: "0x400"

  1582.           memory_channels: "2"

  1583.         interface:

  1584.           eth3:

  1585.             enabled: true

  1586.             type: eth

  1587.             proto: manual

  1588.             name: ${_param:tenant_first_nic}

  1589.           eth4:

  1590.             enabled: true

  1591.             type: eth

  1592.             proto: manual

  1593.             name: ${_param:tenant_second_nic}

  1594.           dpdk0:

  1595.             name: ${_param:tenant_first_nic}

  1596.             pci: "0000:81:00.0"

  1597.             driver: igb_uio

  1598.             bond: bond1

  1599.             enabled: true

  1600.             type: dpdk_ovs_port

  1601.             n_rxq: 2

  1602.           dpdk1:

  1603.             name: ${_param:tenant_second_nic}

  1604.             pci: "0000:81:00.1"

  1605.             driver: igb_uio

  1606.             bond: bond1

  1607.             enabled: true

  1608.             type: dpdk_ovs_port

  1609.             n_rxq: 2

  1610.           bond1:

  1611.             enabled: true

  1612.             bridge: br-prv

  1613.             type: dpdk_ovs_bond

  1614.             mode: balance-slb

  1615.           br-prv:

  1616.             enabled: true

  1617.             type: dpdk_ovs_bridge

  1618.             tag: ${_param:tenant_vlan}

  1619.             address: ${_param:tenant_address}

  1620.             netmask: ${_param:tenant_network_netmask}

  1621. 

  1622. **DPDK OVS bridge for VXLAN**

  1623. 

  1624. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1625. 

  1626. .. code-block:: yaml

  1627. 

  1628.     linux:

  1629.       network:

  1630.         ...

  1631.         interface:

  1632.           br-prv:

  1633.             enabled: true

  1634.             type: dpdk_ovs_bridge

  1635.             address: 192.168.50.0

  1636.             netmask: 255.255.255.0

  1637.             tag: 101

  1638.             mtu: 9000

  1639. 

  1640. 

  1641. 

  1642. **DPDK OVS bridge with Linux network interface**

  1643. 

  1644. .. code-block:: yaml

  1645. 

  1646.     linux:

  1647.       network:

  1648.         ...

  1649.         interface:

  1650.           eth0:

  1651.             type: eth

  1652.             ovs_bridge: br-prv

  1653.             ...

  1654.           br-prv:

  1655.             enabled: true

  1656.             type: dpdk_ovs_bridge

  1657.             ...

  1658. 

  1659. Linux storage

  1660. -------------

  1661. 

  1662. Linux with mounted Samba

  1663. 

  1664. .. code-block:: yaml

  1665. 

  1666.     linux:

  1667.       storage:

  1668.         enabled: true

  1669.         mount:

  1670.           samba1:

  1671.           - enabled: true

  1672.           - path: /media/myuser/public/

  1673.           - device: //192.168.0.1/storage

  1674.           - file_system: cifs

  1675.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1676. 

  1677. NFS mount

  1678. 

  1679. .. code-block:: yaml

  1680. 

  1681.   linux:

  1682.     storage:

  1683.       enabled: true

  1684.       mount:

  1685.         nfs_glance:

  1686.           enabled: true

  1687.           path: /var/lib/glance/images

  1688.           device: 172.16.10.110:/var/nfs/glance

  1689.           file_system: nfs

  1690.           opts: rw,sync

  1691. 

  1692. 

  1693. File swap configuration

  1694. 

  1695. .. code-block:: yaml

  1696. 

  1697.     linux:

  1698.       storage:

  1699.         enabled: true

  1700.         swap:

  1701.           file:

  1702.             enabled: true

  1703.             engine: file

  1704.             device: /swapfile

  1705.             size: 1024

  1706. 

  1707. Partition swap configuration

  1708. 

  1709. .. code-block:: yaml

  1710. 

  1711.     linux:

  1712.       storage:

  1713.         enabled: true

  1714.         swap:

  1715.           partition:

  1716.             enabled: true

  1717.             engine: partition

  1718.             device: /dev/vg0/swap

  1719. 

  1720. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1721. 

  1722. .. code-block:: yaml

  1723. 

  1724.     parameters:

  1725.       linux:

  1726.         storage:

  1727.           mount:

  1728.             data:

  1729.               enabled: true

  1730.               device: /dev/vg1/data

  1731.               file_system: ext4

  1732.               path: /mnt/data

  1733.           lvm:

  1734.             vg1:

  1735.               enabled: true

  1736.               devices:

  1737.                 - /dev/sdb

  1738.               volume:

  1739.                 data:

  1740.                   size: 40G

  1741.                   mount: ${linux:storage:mount:data}

  1742. 

  1743. Create partitions on disk. Specify size in MB. It expects empty

  1744. disk without any existing partitions. (set startsector=1, if you want to start partitions from 2048)

  1745. 

  1746. .. code-block:: yaml

  1747. 

  1748.       linux:

  1749.         storage:

  1750.           disk:

  1751.             first_drive:

  1752.               startsector: 1

  1753.               name: /dev/loop1

  1754.               type: gpt

  1755.               partitions:

  1756.                 - size: 200 #size in MB

  1757.                   type: fat32

  1758.                 - size: 300 #size in MB

  1759.                   mkfs: True

  1760.                   type: xfs

  1761.             /dev/vda1:

  1762.               partitions:

  1763.                 - size: 5

  1764.                   type: ext2

  1765.                 - size: 10

  1766.                   type: ext4

  1767. 

  1768. Multipath with Fujitsu Eternus DXL

  1769. 

  1770. .. code-block:: yaml

  1771. 

  1772.     parameters:

  1773.       linux:

  1774.         storage:

  1775.           multipath:

  1776.             enabled: true

  1777.             blacklist_devices:

  1778.             - /dev/sda

  1779.             - /dev/sdb

  1780.             backends:

  1781.             - fujitsu_eternus_dxl

  1782. 

  1783. Multipath with Hitachi VSP 1000

  1784. 

  1785. .. code-block:: yaml

  1786. 

  1787.     parameters:

  1788.       linux:

  1789.         storage:

  1790.           multipath:

  1791.             enabled: true

  1792.             blacklist_devices:

  1793.             - /dev/sda

  1794.             - /dev/sdb

  1795.             backends:

  1796.             - hitachi_vsp1000

  1797. 

  1798. Multipath with IBM Storwize

  1799. 

  1800. .. code-block:: yaml

  1801. 

  1802.     parameters:

  1803.       linux:

  1804.         storage:

  1805.           multipath:

  1806.             enabled: true

  1807.             blacklist_devices:

  1808.             - /dev/sda

  1809.             - /dev/sdb

  1810.             backends:

  1811.             - ibm_storwize

  1812. 

  1813. Multipath with multiple backends

  1814. 

  1815. .. code-block:: yaml

  1816. 

  1817.     parameters:

  1818.       linux:

  1819.         storage:

  1820.           multipath:

  1821.             enabled: true

  1822.             blacklist_devices:

  1823.             - /dev/sda

  1824.             - /dev/sdb

  1825.             - /dev/sdc

  1826.             - /dev/sdd

  1827.             backends:

  1828.             - ibm_storwize

  1829.             - fujitsu_eternus_dxl

  1830.             - hitachi_vsp1000

  1831. 

  1832. PAM LDAP integration

  1833. 

  1834. .. code-block:: yaml

  1835. 

  1836.     parameters:

  1837.       linux:

  1838.         system:

  1839.           auth:

  1840.             enabled: true

  1841.             mkhomedir:

  1842.               enabled: true

  1843.               umask: 0027

  1844.             ldap:

  1845.               enabled: true

  1846.               binddn: cn=bind,ou=service_users,dc=example,dc=com

  1847.               bindpw: secret

  1848.               uri: ldap://127.0.0.1

  1849.               base: ou=users,dc=example,dc=com

  1850.               ldap_version: 3

  1851.               pagesize: 65536

  1852.               referrals: off

  1853.               filter:

  1854.                 passwd: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))

  1855.                 shadow: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))

  1856.                 group:  (&(objectClass=group)(gidNumber=*))

  1857. 

  1858. Disabled multipath (the default setup)

  1859. 

  1860. .. code-block:: yaml

  1861. 

  1862.     parameters:

  1863.       linux:

  1864.         storage:

  1865.           multipath:

  1866.             enabled: false

  1867. 

  1868. Linux with local loopback device

  1869. 

  1870. .. code-block:: yaml

  1871. 

  1872.     linux:

  1873.       storage:

  1874.         loopback:

  1875.           disk1:

  1876.             file: /srv/disk1

  1877.             size: 50G

  1878. 

  1879. External config generation

  1880. --------------------------

  1881. 

  1882. You are able to use config support metadata between formulas and only generate

  1883. config files for external use, eg. docker, etc.

  1884. 

  1885. .. code-block:: yaml

  1886. 

  1887.     parameters:

  1888.       linux:

  1889.         system:

  1890.           config:

  1891.             pillar:

  1892.               jenkins:

  1893.                 master:

  1894.                   home: /srv/volumes/jenkins

  1895.                   approved_scripts:

  1896.                     - method java.net.URL openConnection

  1897.                   credentials:

  1898.                     - type: username_password

  1899.                       scope: global

  1900.                       id: test

  1901.                       desc: Testing credentials

  1902.                       username: test

  1903.                       password: test

  1904. 

  1905. Netconsole Remote Kernel Logging

  1906. --------------------------------

  1907. 

  1908. Netconsole logger could be configured for configfs-enabled kernels

  1909. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1910. runtime (if network is already configured), and on-boot after interface

  1911. initialization. Notes:

  1912. 

  1913.  * receiver could be located only in same L3 domain

  1914.    (or you need to configure gateway MAC manually)

  1915.  * receiver's MAC is detected only on configuration time

  1916.  * using broadcast MAC is not recommended

  1917. 

  1918. .. code-block:: yaml

  1919. 

  1920.     parameters:

  1921.       linux:

  1922.         system:

  1923.           netconsole:

  1924.             enabled: true

  1925.             port: 514 (optional)

  1926.             loglevel: debug (optional)

  1927.             target:

  1928.               192.168.0.1:

  1929.                 interface: bond0

  1930.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1931. 

  1932. Usage

  1933. =====

  1934. 

  1935. Set mtu of network interface eth0 to 1400

  1936. 

  1937. .. code-block:: bash

  1938. 

  1939.     ip link set dev eth0 mtu 1400

  1940. 

  1941. Read more

  1942. =========

  1943. 

  1944. * https://www.archlinux.org/

  1945. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1946. 

  1947. Documentation and Bugs

  1948. ======================

  1949. 

  1950. To learn how to install and update salt-formulas, consult the documentation

  1951. available online at:

  1952. 

  1953.     http://salt-formulas.readthedocs.io/

  1954. 

  1955. In the unfortunate event that bugs are discovered, they should be reported to

  1956. the appropriate issue tracker. Use Github issue tracker for specific salt

  1957. formula:

  1958. 

  1959.     https://github.com/salt-formulas/salt-formula-linux/issues

  1960. 

  1961. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1962. use Launchpad salt-formulas project:

  1963. 

  1964.     https://launchpad.net/salt-formulas

  1965. 

  1966. You can also join salt-formulas-users team and subscribe to mailing list:

  1967. 

  1968.     https://launchpad.net/~salt-formulas-users

  1969. 

  1970. Developers wishing to work on the salt-formulas projects should always base

  1971. their work on master branch and submit pull request against specific formula.

  1972. 

  1973.     https://github.com/salt-formulas/salt-formula-linux

  1974. 

  1975. Any questions or feedback is always welcome so feel free to join our IRC

  1976. channel:

  1977. 

  1978.     #salt-formulas @ irc.freenode.net